
PEACH
Uma estrutura de isolamento de inquilino
CVE-2025-67862 is a "Restricted CLI Escape Using Lua" vulnerability (CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State) in Fortinet FortiOS and FortiProxy. It allows an authenticated administrator to execute arbitrary Lua scripts via crafted CLI commands, effectively escaping the restricted CLI environment. Affected versions include FortiOS 6.4 (all versions), 7.0.0–7.0.16, 7.2.0–7.2.10, 7.4.0–7.4.7, and 7.6.0–7.6.2; and FortiProxy 7.0 (all versions), 7.2.0–7.2.14, 7.4.0–7.4.10, and 7.6.0–7.6.3. The vulnerability was publicly disclosed on June 9, 2026, and was reported by the UK's National Cyber Security Centre (NCSC) under responsible disclosure. It carries a CVSSv3 base score of 6.0–6.7 (Medium/High), requiring local access and high privileges (FortiGuard Advisory).
The root cause is classified as CWE-1244 (Internal Asset Exposed to Unsafe Debug Access Level or State), where debug-level Lua scripting capabilities remain accessible through the CLI in production firmware. An authenticated administrator can craft specific CLI commands that invoke the embedded Lua interpreter, bypassing the intended restrictions of the FortiOS/FortiProxy restricted shell environment. Exploitation requires local access and administrative credentials (high privilege), with no user interaction needed and low attack complexity. No public proof-of-concept code has been identified (FortiGuard Advisory).
Successful exploitation allows an authenticated admin to execute arbitrary Lua scripts on the affected system, resulting in high impact to confidentiality, integrity, and availability. An attacker with admin CLI access could read sensitive configuration files and credentials, modify system settings, corrupt data, or crash services. While the attack vector is local and requires existing administrative access, this vulnerability could be leveraged as part of a post-compromise escalation or persistence technique on network security appliances (FortiGuard Advisory).
Fortinet has released patched versions addressing this vulnerability: FortiOS 7.6.3 or above, FortiOS 7.4.8 or above, FortiOS 7.2.11 or above, FortiProxy 7.6.4 or above, FortiProxy 7.4.11 or above, and FortiProxy 7.2.15 or above. Note that FortiOS 7.0 and 6.4 branches and FortiProxy 7.0 are listed as affected with no patch version specified in the advisory, so upgrading to a supported branch is recommended. As interim mitigations, restrict CLI access to trusted administrators only, enforce strict access controls on management interfaces, and monitor for suspicious CLI command patterns. Use the Fortinet upgrade path tool at https://docs.fortinet.com/upgrade-tool to plan upgrades (FortiGuard Advisory).
The vulnerability was reported to Fortinet by the UK's National Cyber Security Centre (NCSC) under responsible disclosure, indicating coordinated handling prior to public release (FortiGuard Advisory). Heise (a German technology publication) covered the disclosure as part of a broader roundup of Fortinet security fixes released in June 2026 (Heise News). Community reaction has been relatively muted given the requirement for authenticated admin access, with no significant social media controversy or researcher commentary identified beyond standard vulnerability tracking.
Origem: Este relatório foi gerado usando IA
Avaliação de vulnerabilidade gratuita
Avalie suas práticas de segurança na nuvem em 9 domínios de segurança para comparar seu nível de risco e identificar lacunas em suas defesas.
Marque uma demonstração personalizada
"A melhor experiência do usuário que eu já vi, fornece visibilidade total para cargas de trabalho na nuvem."
"A Wiz fornece um único painel de vidro para ver o que está acontecendo em nossos ambientes de nuvem."
"Sabemos que se a Wiz identifica algo como crítico, na verdade é."